The Van Ons WP GDPR Compliance (aka wp-gdpr-compliance) plugin before 1.4.3 for WordPress allows remote attackers to execute arbitrary code because $wpdb->prepare() input is mishandled, as exploited in the wild in November 2018.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-425,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| van-ons | wp-gdpr-compliance | * |